Equifax Inc. said criminals exploited web-server software in the data breach that affected potentially 143 million Americans, but didn’t offer further detail on who may have been behind the hack.
The company confirmed late Wednesday, in what it called a progress report, that hackers exploited a vulnerability in a U.S. website application, identified as Apache Struts CVE-2017-5638. The Wall Street Journal reported last Friday that Apache Struts was a possible source of the breach.
Equifax also shared information that suggests the company doesn’t know the full extent of the breach. The company said it “has been intensely investigating the scope of the intrusion” with help from a cybersecurity firm to determine what information was accessed and who has been affected.
An expanded version of this report appears on WSJ.com.